# Microsoft Entra

To rely on Entra for SSO, you need to register an application in your tenant and provide Teleskope a **Client Id**, **Client Secret,** and your **Tenant ID.**

## Setup

1. Navigate to <https://entra.microsoft.com/> and sign into your enterprise's Microsoft dashboard
2. Select **Overview** from the sidebar.&#x20;
   1. Collect your **Tenant** **ID:** `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
3. On your side bar, select **Applications,** then **App registrations**
4. Select **New registration**, and name your Teleskope SSO app.
   1. There will be a few authentication options, we recommend `Accounts in this organizational directory only (Single tenant)` as the simplest option
5. On your side bar, select **Applications,** **App registrations,** then select your newly created app.
   1. &#x20;Collect your `Application (client) ID`&#x20;
6. In your app's registration page, under **Certificates & Secrets**, select **New client secret.** Set a name and expiry
   1. Collect the resulting value as your `client_secret` .
7. In your app's registration page, select **API Permissions** and click **Add a Permission**.&#x20;
   1. Set up `delegated` permissions for Microsoft Graph, `admin consent` not required. You will need the `email`, `openid` and `profile` permissions set.
   2. **Note:** if your tenant disables user consent for apps, you will need to grant `admin consent`.
8. In your app's registration page, select **Authentication,** **+ Add a Platform, Web,** then enter your Redirect URI:&#x20;
   1. Example: **<https://api.mission-control.\\><DOMAIN>/auth/microsoft/callback**
   2. **\<DOMAIN>** is typically **CompanyName.teleskope.ai**

## Provisioning

1. Assign users to your new Teleskope Entra app.
2. A first/last name in Entra is required for any user logging into Teleskope.